[Oisf-users] Suricata providing so_rules?

Victor Julien lists at inliniac.net
Fri Jul 14 13:16:38 UTC 2017

On 13-07-17 06:56, Charlie Dyer wrote:
> Hello
> As I understand it Snort has the ability to somewhat mildly obfuscate
> certain rules by writing them in C and providing them in binary form,
> mostly to satisfy NDAs or to protect vulnerability details where
> exploits are not really in the public domain.
> How does Suricata cater for such rules?

We don't support so_rules.

You can write your own logic in Lua scripts. I guess you could obfuscate
those if you wanted to. I think it provides only limited value wrt
hiding the detection logic though. But that is true for the so_rules as

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
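
The Lua option mentioned in the reply above, as an added example that is not part of the original message and is not code from the Suricata project: a detection script doing the kind of field arithmetic that is awkward in plain rule syntax. It assumes a Suricata build with Lua support and the init/match script interface with a "needs" table; the "REC1" record format, the file name and the sid are constructed for illustration.

```lua
-- lenfield.lua (hypothetical file name): added example, not project code.
-- Constructed record format: 4-byte marker "REC1", 2-byte big-endian
-- declared body length, then the body. The script matches when the
-- declared length is larger than the bytes actually present.
--
-- Assumed rule that loads it (sid chosen from the local range):
--   alert udp any any -> any any (msg:"REC1 declared length exceeds datagram";
--       lua:lenfield.lua; sid:1000001; rev:1;)

local MAGIC = "REC1"              -- constructed marker, not a real protocol
local HEADER_LEN = #MAGIC + 2     -- marker plus 16-bit length field

-- Called once at rule load: tell Suricata which buffers the script needs.
function init(args)
    local needs = {}
    needs["payload"] = tostring(true)
    return needs
end

-- True when the header is present and the declared body length is larger
-- than what follows the header in this payload.
local function length_mismatch(payload)
    if payload == nil or #payload < HEADER_LEN then
        return false              -- too short to contain a header
    end
    if payload:sub(1, #MAGIC) ~= MAGIC then
        return false              -- not the record type we inspect
    end
    local hi, lo = payload:byte(#MAGIC + 1, #MAGIC + 2)
    local declared = hi * 256 + lo
    local available = #payload - HEADER_LEN
    return declared > available
end

-- Called per inspected packet: return 1 to match, 0 otherwise.
function match(args)
    if length_mismatch(args["payload"]) then
        return 1
    end
    return 0
end
```

The script is shipped as plain text next to the rule file, so anyone with access to the sensor can read the detection logic.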
